Federal regulators are increasing their scrutiny of companies' compliance with Anti-Money Laundering and Bank Secrecy Act Obligations, and if January is any indication, 2021 will be a record year for penalties. Just in the last two months, regulators have imposed more than $200 million in penalties on corporations. For example, the Federal Deposit Insurance Corporation (FDIC) assessed a $12.5 million penalty against a company for unspecified AML violations; and the Financial Crimes Enforcement Network (FinCEN) penalized a company $390 million for failing to file suspicious-activity and currency-transaction reports, and for failing to implement and maintain an effective Anti-Money Laundering program. These large penalties are consistent with an enforcement trend that has seen financial regulators impose escalating fines and penalties on companies for AML violations. Total penalties for such violations exceeded $10 billion worldwide in 2020.

The US Congress has turned its attention to AML compliance as well. The National Defense Authorization Act for fiscal year 2021, passed over a presidential veto, included the Anti-Money Laundering Act of 2020 (AML Act). The AML Act includes provisions for the creation of a federal database of beneficial owners; expanded coverage of the Bank Secrecy Act of 1970 (BSA) to include areas such as dealers in antiquities and virtual currencies; made available additional tools for law enforcement; heightened penalties for violations; and enhanced the AML whistleblower law.

BSA/AML Compliance Program Requirements

Against this background of increased regulatory scrutiny, the Federal Reserve, FDIC, National Credit Union Administration and Office of the Comptroller of the Currency issued a joint statement on August 13, 2020, which provided guidance to companies on the minimum requirements of an effective BSA/AML compliance program. The agencies specified four pillars that make up an adequate BSA/AML compliance program: 1) a system of internal controls that assure ongoing compliance; 2) independent testing; 3) a designated individual or individuals responsible for monitoring BSA/AML compliance; and 4) training for appropriate personnel. They added that the compliance program also must include a Customer Identification Program with risk-based procedures such that the institution has reasonable belief that it knows the identity of its customers, donors, vendors and others with whom the company has financial transactions.

To be clear, it is not only banks and other financial institutions that have these obligations. The FBI reportedly issued a bulletin in May 2020, calling for greater scrutiny on private investment funds to determine if they possess adequate AML compliance programs. Further, while FinCEN has stated that charities and non-profit organizations are not viewed as high-risk entities for money laundering, it nonetheless also reminded these institutions that they must still have adequate AML safeguards in place.


Companies should expect to see a continued focus on AML compliance in 2021 with regulators and law enforcement using the new tools they have been given through the AML Act, assessing increased monetary penalties, and making concerted efforts to monitor AML compliance of non-banking entities. Thus now is a good time for companies to review their AML policies and determine if they provide adequate protection or if updating is in order.